Google replaced the SSL certificates for its online services with new ones that use stronger, 2048-bit RSA keys, making encrypted connections to its sites safer against so-called brute-force attacks.
The company announced in May that it would increase the key length for its SSL certificates from 1024 bits to 2048 bits by the end of 2013.
[ Build and deploy an effective line of defense against corporate intruders with InfoWorld's Encryption Deep Dive PDF expert guide. Download it today! | Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
"Coming in ahead of schedule, we have completed this process, which will allow the industry to start removing trust from weaker, 1024-bit keys next year," Google security engineer Dan Dulay said Monday in a blog post.
Until not long ago 1024-bit RSA keys were considered sufficiently strong because cracking them using brute force by systematically trying all possible combinations was viewed as impractical due to the computing power and time required. However, following the recent revelations about the mass data collection programs of the U.S. National Security Agency and its investments in groundbreaking cryptanalysis, that's no longer the case.
"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break," Robert Graham, the CEO of security firm Errata Security, said in a blog post in September. "But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no 'breakthroughs,' the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips."
Increasing the key length for SSL certificates is not a new development, as many certificate authorities have stopped issuing new certificates with 1024-bit keys for a while. The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, a set of guidelines published by the CAB (Certification Authority/Browser) Forum, states that all newly issued certificates that have a validity period ending after Dec. 31, 2013, should have 2048-bit RSA keys.
According to a November scan done by the SSL Pulse project, 96 percent of the Internet's top 162,480 HTTPS-enabled sites already use SSL certificates with 2048-bit keys.
"The deprecation of 1024-bit RSA is an industry-wide effort that we're happy to support, particularly in light of concerns about overbroad government surveillance and other forms of unwanted intrusion," Dulay said.
Google didn't rush to increase the key length earlier because its SSL configuration has been using the ECDHE (elliptic curve, ephemeral Diffie--Hellman) key-agreement protocol by default since 2011. This protocol has a property known as PFS (perfect forward secrecy) that makes it hard to decrypt previously captured traffic if the server's private key is compromised.